diff mbox series

[Openvpn-devel,v2] Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'

Message ID 20181007175215.25009-1-steffan@karger.me
State Accepted
Headers show
Series [Openvpn-devel,v2] Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth' | expand

Commit Message

Steffan Karger Oct. 7, 2018, 6:52 a.m. UTC 
From: Steffan Karger <steffan.karger@fox-it.com>

Like 'proto', a mismatch in key-method, keydir or tls-auth would fail
before we ever get to the point where we can print this warning.

This prepares for removing these from the occ string later on, but also
prepares for tls-crypt-v2, which allows a server to support tls-auth and
tls-crypt-v2 connections in parallel. Such a server will send 'keydir'
and 'tls-auth' in the occ string. This change removes the spurious
warnings about that in the client log.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
---
v2: use strprefix instead of strcmp, and add tun-ipv6.

 src/openvpn/options.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

Comments

Gert Doering Oct. 7, 2018, 9:19 a.m. UTC | #1 
Acked-by: Gert Doering <gert@greenie.muc.de>

I have not actually bothered to find a constellation that *would* trigger
an OCC warning (how?) but it compiles and passes tests, and the code looks
reasonable.  With added msg() calls I verified that it actually ignores 
the options this time.

I have taken the liberty to remove the space after "tun-ipv6" to make it 
actually match (no arguments, so no space) and learned something new about 
the treasures in our sources (strprefix())... :-) 

Your patch has been applied to the master and release/2.4 branch
(long-term compatibility and not very intrusive).

commit 3baae9ba52187166b7d0b05901732666477a2acb (master)
commit 266178b7b6280d5f32403ba8780ddbb517e3ac6a (release/2.4)
Author: Steffan Karger
Date:   Sun Oct 7 19:52:15 2018 +0200

     Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'

     Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20181007175215.25009-1-steffan@karger.me>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17618.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
diff mbox series

Patch

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 2199af53..45c5ea64 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3788,11 +3788,15 @@  options_warning_safe_scan2(const int msglevel,
                            const char *b1_name,
                            const char *b2_name)
 {
-    /* we will stop sending 'proto xxx' in OCC in a future version
-     * (because it's not useful), and to reduce questions when
-     * interoperating, we start not-printing a warning about it today
+    /* We will stop sending 'key-method', 'keydir', 'proto' and 'tls-auth' in
+     * OCC in a future version (because it's not useful). To reduce questions
+     * when interoperating, we no longer printing a warning about it.
      */
-    if (strncmp(p1, "proto ", 6) == 0)
+    if (strprefix(p1, "key-method ")
+        || strprefix(p1, "keydir ")
+        || strprefix(p1, "proto ")
+        || strprefix(p1, "tls-auth ")
+        || strprefix(p1, "tun-ipv6 "))
     {
         return;
     }